Forum Discussion

Sahir_180434's avatar
Sahir_180434
Icon for Nimbostratus rankNimbostratus
Mar 18, 2016

Irule Switch statment & Datagroup question

Hi,

I have a question about following iRule & Datagroup.

iRule:

 

ltm rule Data-rule {
    when CLIENT_ACCEPTED {
     set PAN_node [class match -value [IP::client_addr] equals Data1]
     switch $A_node {
            A1 {node 10.29.170.5}
            A2 {node 10.29.170.6}
            XA {node 10.29.196.40}
               }
}
}

 

Datagroup:

 

ltm data-group internal Data1 {
    records {
        10.10.0.0/16 {
            data A1
        }
        10.100.250.121/32 {
            data A2
        }
        10.18.0.0/16 {
            data XA
        }
        10.19.0.0/16 {
            data A1
        }

      }
    type ip
}

 

My question is, when there is a match by the iRule from the Data1 group, how does the iRule process the traffic? does it send the traffic to all 3 A_nodes? or does it use the data section int the data group ( data A1, A2, xA ) as a reference to select the most specific A_node that is going to forward the traffic to ?

Thanks.

  • It selects a single node based on the client source IP. Concretely, if the source IP from the client is "10.10.10.10" the call to class match matches the first record (the record with the key "10.10.0.0/16"). The -value flag tells the class command to return the record value if there is a match (or the empty string if there is no match). So, in this example case, the variable PAN_node is set to "A1" (the value of the matching class record). The switch matches "A1", so the command node 10.29.170.5 executes. This instruct the load-balancing engine to specifically proxy (or forward, depending on the Virtual Server type) to that node.

    In Tcl, a switch does not fall through like it does in C. The code block for the first matching case is executed, then the switch terminates (unless '-' is substituted in place of the code block, which is not the case here).

  • sorry for the typo, the iRule should be like following:

     

    ltm rule Data-rule {
        when CLIENT_ACCEPTED {
         set A_node [class match -value [IP::client_addr] equals Data1]
         switch $A_node {
                A1 {node 10.29.170.5}
                A2 {node 10.29.170.6}
                XA {node 10.29.196.40}
                   }
    }
    }
    

     

  • It selects a single node based on the client source IP. Concretely, if the source IP from the client is "10.10.10.10" the call to class match matches the first record (the record with the key "10.10.0.0/16"). The -value flag tells the class command to return the record value if there is a match (or the empty string if there is no match). So, in this example case, the variable PAN_node is set to "A1" (the value of the matching class record). The switch matches "A1", so the command node 10.29.170.5 executes. This instruct the load-balancing engine to specifically proxy (or forward, depending on the Virtual Server type) to that node.

    In Tcl, a switch does not fall through like it does in C. The code block for the first matching case is executed, then the switch terminates (unless '-' is substituted in place of the code block, which is not the case here).

    • Sahir_180434's avatar
      Sahir_180434
      Icon for Nimbostratus rankNimbostratus
      Vernon,Thanks for you explanation. my other question would be about the traffic that doesn't match the rule, will it be forwarded to default route or is it going to be dropped ?